similar to: Bug in Kerberos support for openssh.

Displaying 20 results from an estimated 100 matches similar to: "Bug in Kerberos support for openssh."

2003 Aug 10
9
updated gssapi diff
this is the proposed gssapi diff against OpenSSH-current (non-portable). note: if this goes in, the old krb5 auth (ssh.com compatible) will be removed. please comment. jakob Index: auth.h =================================================================== RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -u -r1.1.1.2 -r1.3 --- auth.h
2007 Sep 18
1
program to monitor USB keys
I wrote a small program to monitor keyboards found on /dev/input/event* It works great but I always get EAGAIN from my read() function. google says this is normal when open() is used and O_NONBLOCK mode. I know this is slightly offtopic but I was wondering if the centos gurus that also program know anything about this. My goal was to not be eating CPU cycles with a small program that just
2006 Feb 10
0
Bug in gssapi support
Hi, Was trying to use the gssapi support and the authentication would consistently die for me. The following patch fixes: --- src/auth/mech-gssapi.c.orig 2006-01-10 15:46:10.000000000 +1300 +++ src/auth/mech-gssapi.c @@ -138,7 +138,7 @@ static OM_uint32 obtain_service_credenti return major_status; } - gss_release_name(&minor_status, gss_principal); +
2003 Sep 30
0
Samba 3.0.0 compile problems (with gssapi headers)
Hello, I have a compile problem concerning samba-3.0.0 (final) with gssapi on a Solaris 9 machine. I don't know how to fix this, so any suggestions are welcome. Situation: We use LDAP to authenticate logins of a group of users, so I want to use this LDAP directory also from samba. (Openldap-2.1.22 was compiled with BerkeleyDB.4.1, heimdal-0.6 kerberos, and cyrus-sasl-2.1.13). After a
2010 Mar 18
2
aumentar tamaño de memoria a mas de 4Gb‏
Hola de nuevo, Esta es la información de mi sesion: R version 2.10.1 (2009-12-14) i386-pc-mingw32 locale: [1] LC_COLLATE=Spanish_Spain.1252 LC_CTYPE=Spanish_Spain.1252 [3] LC_MONETARY=Spanish_Spain.1252 LC_NUMERIC=C [5] LC_TIME=Spanish_Spain.1252 attached base packages: [1] stats graphics grDevices utils datasets methods base Lo que yo prentendo es
2005 Dec 30
1
Compile problem on FreeBSD 6.0-STABLE
Trying to update to dovecot-1.0.alpha5 and seeing this at compile time: mech-gssapi.o mech-gssapi.c; then mv -f ".deps/mech-gssapi.Tpo" ".deps/mech-gssapi.Po"; else rm -f ".deps/mech-gssapi.Tpo"; exit 1; fi mech-gssapi.c:30:27: gssapi/gssapi.h: No such file or directory mech-gssapi.c:42: error: syntax error before "gss_ctx_id_t" mech-gssapi.c:51: error:
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2007 May 02
0
Selected value in a combobox
I''m using ActiveScaffold. In the file house_helper.rb I have written the code: def house_form_column(record, input_name) ... list = House.find(:all, :include => ''city'') new_list=... ... list do |element| if record = element.name selec=element.id end end select_tag ''X'',options_for_select(new_list, selected=selec),
2006 Sep 18
1
Incorrect GSSAPI Service Name for POP3
In pop3-login/client-authenticate.c, when sasl_server_auth_begin() is called, it does so with the service name of "POP3". GSSAPI uses this service name when obtaining its service credentials. The problem is that according to http://www.iana.org/assignments/gssapi-service-names , the service name should instead be simply "pop". This causes GSSAPI authentication to fail when
2008 Aug 12
2
[PATCH] Allow GSSAPI to work with multihomed hosts
I saw some past chatter on this in the list archives, but here is another stab and another rational. This patch follows a similar patch to openssh in that it allows any key in the specified keytab to match the incoming host key. This is necessary for multihomed hosts. See: https://bugzilla.mindrot.org/show_bug.cgi?id=928 IMAP/POP seem to be a strong candidate to be multihomed because they are
2007 Mar 08
1
Coredump in dovecot-auth on gss auth
I've enabled the GSS code in dovecot, but our Kerberos nerds are complaining that it doesn't work :) I probably have the thing totally misconfigured (so don't worry about that part for now), but I do have a crash: Info: imap-login: Disconnected: rip=XXX.YYY.229.8, lip= XXX.YYY.17.59, TLS handshake Error: auth(default): gssapi(?,XXX.YYY.229.8): While acquiring service credentials: No
2008 Aug 12
5
[PATCH] Support GSS-SPNEGO natively
I cooked this up while trying to figure out why thunderbird on Windows w/ SSPI was not working, but it turned out thunderbird does not use it, so I haven't been able to test it yet. I'm presenting it for discussion only, unless someone else can try it :) Modern versions of MIT kerberos support GSS-SPNEGO natively, but are only willing to negotiate for kerberos tickets and not NTLM
2006 Mar 01
1
Patch to src/auth/mech-gssapi.c
This bug causes a segfault when compiled against heimdal, but not MIT krb5. Either way, I think this code is correct. HTH. ---------------------------------------------------------------------- | Jim Hranicky, Senior SysAdmin UF/CISE Department | | E314D CSE Building Phone (352) 392-1499 | | jfh at cise.ufl.edu
2003 Oct 16
0
Samba 3.0.0 CVS 3.0.1pre2: "libads/kerberos_verify.c", line 77: improper member use: keyblock
This has been submitted to https://bugzilla.samba.org/ as Bug 636 I'm trying to build Samba 3.0.0 CVS 3.0.1pre2 under Solaris 8 with MIT Kerberos 5 1.3.1 OpenLDAP 2.1.22 using the Sun Workshop 6U2 compiler Arguments to configure are: configured by ./configure, generated by GNU Autoconf 2.53, with options \"'--with-readline' '--with-libiconv=/usr/local'
2004 Mar 04
4
Solaris 9 --with-krb5 problems
Hi, I am running configure with the option --with-krb5=/opt/local which is where I have heimdal installed. The problem is that after running make, it still tries to use the include files from SUN that are in /usr/ and this screws up the compile. I can compile samba just fine using --without-krb5. I have already tried: setenv CFLAGS "-L/opt/local/lib" setenv CPPFLAGS
2018 Oct 04
2
CentOS 7.5, Apache 2.4, Kerberos
Hi List, My goal in sending this email is to get some direction on where to start looking to solve my problem. Thank you all in advance for reading through this and providing any guidance! I'm working on moving to new servers, upgrading from CentOS 6.7 to CentOS 7.5. In this move, we are also upgrading from Apache/2.2.15 to Apache/ 2.4.33. Our servers are all sitting behind a load
2006 Jul 13
2
Kerberos Keytab Code Update in 3.0.23
First thing - I'd like to say a big "THANK YOU" to the developers. I just upgraded to samba-3.0.23 and I've noticed an alarming issue with respect to my configuration. I've been using the built-in keytab management and it looks like the updated code no longer creates the userPrincipal in Active Directory. Whether this is an issue for others or not, it would be nice to have
2007 Feb 03
1
GSSAPI authentication behind HA servers
Hi all, We have 2 mail servers sitting behind linux-HA machines.The mail servers are currently running dovecot 1.0rc2. Looking to enable GSSAPI authentication, I exported krb keytabs for imap/node01.domain at REALM and imap/node02.domain at REALM for both mail servers. However, clients are connecting to mail.domain.com, which results in a mismatch as far as the keytab is concerned (and rightly
2005 Jul 06
0
[PATCH] Simplify Kerberos credentials cache code
The attached patch removes the duplicated credentials cache generation code in auth-krb5.c and gss-serv-krb5.c, by turning it into a procedure which is then called by both sections of code. It's against the latest portable CVS tree. Cheers, Simon. -------------- next part -------------- Index: auth-krb5.c =================================================================== RCS file:
2012 Mar 28
2
patch for OSX
Attached is a patch to make sshd work on OSX when using plain ol' Kerberos authentication as opposed to opendirectory authentication. Cheers, Nick -------------------------------------------------------------------------- NOTICE: Morgan Stanley is not acting as a municipal advisor and the opinions or views contained herein are not intended to be, and do not constitute, advice within the